public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Karunakar P <karunakarp@amiindia.co.in>
To: "afish@apple.com" <afish@apple.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Ye, Ting" <ting.ye@intel.com>
Subject: Re: Pressing ESC from "PXE windows Boot manager" causes ASSERT
Date: Thu, 25 May 2017 06:38:11 +0000	[thread overview]
Message-ID: <A885E3F3F1F22B44AF7CC779C062228E7C289430@Venus2.in.megatrends.com> (raw)
In-Reply-To: <A2C71B49-62E3-47BB-8DAA-E436EE20080E@apple.com>

Hello All,

I've added some traces to narrow down the issue.

Once the NBP file downloaded, control will be given to it.
I've added some traces before StartImage() and after StartImage() call.

Following are the debug messages

// DEBUG message printed before StartImage()
// StartImage() called
wdsmgfw.Entry(100061C0)
WDS Boot Manager version 0800
Client IP: 192.168.0.6
Server IP: 192.168.0.1
Server Name: WIN-8PL637590SS
Press ENTER for network boot service.
Windows Deployment Services (Server IP: 192.168.0.1)
Contacting Server (192.168.0.1):
ESC=Exit -ConvertPages: Incompatible memory types
bootmgfw.Entry(849FE1C0)
ASSERT d:\PathtoProject\MdeModulePkg\Core\Dxe\Mem\Pool.c(561): CR has Bad Signature

It might be Boot Loader Issue, As control is NOT coming back.

Could you please help on this.

Thanks,
karunakar

-----Original Message-----
From: afish@apple.com [mailto:afish@apple.com] 
Sent: Wednesday, May 24, 2017 8:39 PM
To: Karunakar P
Cc: Ye, Ting; edk2-devel@lists.01.org
Subject: Re: [edk2] Pressing ESC from "PXE windows Boot manager" causes ASSERT

Karunakar,

Every Pool allocation has a header and a tail data structure that is outside of the user visible data. Both these structures have signatures. The ASSERT you are seeing is a bad signature in the header so that looks like a buffer underflow. It could also be a use after free bug.

Head:
POOL_HEAD
Buffer:
User Data
Tail:
POOL_TAIL

Given the checks only happen on Free it is possible it could be a buffer overflow on a buffer that has not yet been freed that runs into this buffer. 

If you have a debugger dumping the memory before and after the buffer can some times be useful. The pattern might give you some clues. 

Thanks,

Andrew Fish

> On May 23, 2017, at 10:16 PM, Karunakar P <karunakarp@amiindia.co.in> wrote:
> 
> Hello All,
> 
> The ASSERT happens in the following function
> 
> /**
>  Internal function to free a pool entry.
>  Caller must have the memory lock held
> 
>  @param  Buffer                 The allocated pool entry to free
>  @param  PoolType               Pointer to pool type
> 
>  @retval EFI_INVALID_PARAMETER  Buffer not valid
>  @retval EFI_SUCCESS            Buffer successfully freed.
> 
> **/
> EFI_STATUS
> CoreFreePoolI (
>  IN VOID               *Buffer,
>  OUT EFI_MEMORY_TYPE   *PoolType OPTIONAL
>  )
> {
> .
> .
> ASSERT(Buffer != NULL);
>  //
>  // Get the head & tail of the pool entry  //
>  Head = CR (Buffer, POOL_HEAD, Data, POOL_HEAD_SIGNATURE);	// ASSERT happens here
>  ASSERT(Head != NULL);
> .
> .
> }
> 
> We are using NetworkPkg: SHA- ef810bc807188224a752ffbcf5e7f4b651291cee
> 
> I think  here I'm unable attach the files.
> You can find the attached screenshots in the following Bug571
> https://bugzilla.tianocore.org/show_bug.cgi?id=571
> 
> Thanks,
> Karunakar
> 
> 
> -----Original Message-----
> From: Ye, Ting [mailto:ting.ye@intel.com]
> Sent: Wednesday, May 24, 2017 10:29 AM
> To: Karunakar P; edk2-devel@lists.01.org
> Subject: RE: Pressing ESC from "PXE windows Boot manager" causes 
> ASSERT
> 
> Hi Karunakar,
> 
> Sorry I did not find your attached files. Would you please send them again? Besides that, do you mind telling us which code base are you using for PXE boot?  Are you using some revision of EDKII main trunk or UDK release?
> 
> Thanks,
> Ting
> 
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of 
> Karunakar P
> Sent: Wednesday, May 24, 2017 12:20 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] Pressing ESC from "PXE windows Boot manager" causes 
> ASSERT
> 
> Hi All,
> 
> We have facing an issue with PXE boot.
> [Issue]
> When ESC is pressed from Windows Boot manager during PXE boot (IPv4 or 
> IPv6) system Hangs with following ASSERT
> 
> ASSERT [DxeCore] \MdeModulePkg\Core\Dxe\Mem\Pool.c : CR has Bad 
> Signature
> 
> [Reproduction Steps]
> 1. Perform UEFI PXEv4 or UEFI PXEv6 boot 2. It will start PXE boot over IPv4/6 and Downloads NBP file successfully.
>   Attached the Screenshot for the same(ScreenShot1.jpg)
> 
>   It will Displays the info like "Press ENTER for network boot service"
>   Attached Screensho(ScreenShot2.jpg)
> 
> 3. Press ENTER and then press ESC immediately to see the Windows Boot Manager Menu
>   It will list the available Operating Systems
>   Attached the screenshot(ScreenShot3.png)
> 
> 4. Press ESC to come back to Setup or next Boot option
> 
> [Result]
> System hangs with ASSERT
> 
> [Expected Result]
> On pressing ESC from Windows Boot Manager, it should come back to 
> setup/Next boot option in boot order
> 
> Note:
> We have PXE server configured in Windows Server 2012 R2.
> 
> Please look into it.
> 
> 
> Thanks,
> karunakar
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel



  reply	other threads:[~2017-05-25  6:38 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-05-24  4:20 Pressing ESC from "PXE windows Boot manager" causes ASSERT Karunakar P
2017-05-24  4:28 ` Andrew Fish
2017-05-24  4:58 ` Ye, Ting
2017-05-24  5:16   ` Karunakar P
2017-05-24 15:08     ` Andrew Fish
2017-05-25  6:38       ` Karunakar P [this message]
2017-05-25 10:37         ` Wu, Jiaxin
2017-05-25 11:34           ` Karunakar P
2017-05-27  5:24             ` Wu, Jiaxin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=A885E3F3F1F22B44AF7CC779C062228E7C289430@Venus2.in.megatrends.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox